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DETAILED ACTION 

Claim Rejections - 35 USC § 102 

1. The following is a quotation of the appropriate paragraphs of 35 
U.S.C. 102 that form the basis for the rejections under this section made in this Office 
action: 

A person shall be entitled to a patent unless - 

(e) the invention was described in (1) an application for patent, published under section 122(b), by 
another filed in the United States before the invention by the applicant for patent or (2) a patent 
granted on an application for patent by another filed in the United States before the invention by the 
applicant for patent, except that an international application filed under the treaty defined in section 
351(a) shall have the effects for purposes of this subsection of an application filed in the United States 
only if the international application designated the United States and was published under Article 21(2) 
of such treaty in the English language. 

2. Claims 1-4, 6-8, 10-11, 29-35, 43-46, 48-50, 52-53, 71-77, 85, 87, 89, and 
91 are rejected under 35 U.S.C. 102(e) as being anticipated by French et al (US 
6,282,658 B2). 

a. Referring to claim 1: 
i. French teaches: 

(1) receiving a request for a digital certificate for a user 
having an electronic account, wherein the electronic account is linked to a physical 
address of the user; generating, by a certificate authority, the digital certificate for the 
user, wherein the digital certificate includes information enabling authentication of a 
transaction on the network; and linking the digital certificate to the electronic account of 
the user [i.e., referring to Figure 1, the user inputs that first level information via a 
keyboard, mouse, voice digitizer or other suitable input mechanism at step 16 
Step 18 identifies that the user has completed first level information input. Step 
20 transmits the input. The transaction record 112 is initialized at step 22. Step 24 
performs an association check on the information input by the user. According 
French's invention, a user who wants to access information or process a 
transaction over a network is prompted to submit information to authentication 
process 10 through client 110. Authentication process 10 invokes the 
preprocessing step 26, in which the user is prompted to supply a first type of 



Application/Control Number: 09/809,325 
Art Unit: 2135 



Page 3 



user identification information. The first type of user identification information 
preferably comprises wallet-type information such as name, address, phone 
number, social security number, driver's license number and other common 
personal information (column 6, lines 15-24). In addition, authentication process 
10 matches, at step 32, the first type of information input by the user with 
information received from one or more separate data sources. Authentication 
process 10 also determines whether a request for information has been repeated 
more than a predetermined number of times at step 42. As illustrated in Figures 
37-40, after an indication of successful authentication the user is directed to input 
identification and challenge or password information to generate and store digital 
certificate 902. The digital certificate 902 contains a set of fields including user 
identification, a digital certificate serial number, an expiration period, as well as 
information related to the issuer of the digital certificate and fingerprint data for 
the digital certificate (column 16, lines 12-20)]. 

b. Referring to claim 2: 

i. French further teaches: 

(1) storing a reference to the digital certificate in a 
certificate directory at the certificate authority [i.e., as illustrated in Figures 37-40, 
after an indication of successful authentication the user is directed to input 
identification and challenge or password information to generate and store digital 
certificate 902. The digital certificate 902 contains a set of fields including user 
identification, a digital certificate serial number, an expiration period, as well as 
information related to the issuer of the digital certificate and fingerprint data for 
the digital certificate (column 16, lines 12-20)]. 

c. Referring to claim 3: 

i. French further teaches: 

(1) wherein the certificate authority includes a proofing 
server [i.e., referring to Figure 12, element 120 is an authentication/proofing 
server]. 

d. Referring to claim 4: 
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i. French further teaches: 

(1) wherein the certificate authority further includes a 
proofing workstation [i.e., referring to Figure 12, element 140 is a computer and/or 
workstation. Furthermore, Figure 12 also shows one or more resources 140 
which are accessible to application server 130. These may include, for example, 
databases, other computers, electronic memory, CD ROMs, RAID storage, tape or 
other archival storage, routers, terminals, and other peripherals and resources 
(column 6, lines 10-14)]. 

e. Referrinp to claims 6-8, 11: 

i. These claims have limitations that is similar to those of claim 
2, thus they are rejected with the same rationale applied against claim 2 above. 

f. Referring to claim 10: 

i. French further teaches: 

(1) wherein the digital certificate includes a public key for 
authenticating the digital certificate [i.e., the biometric data may be used as input 
fields or records in the preprocessing, first or second authentication level stages. 
Alternatively, biometric data may be used as a key to unlock and release a digital 
certificate 902 issued to the user, to be stored on client 110 or otherwise (column 
12, lines 59-63)]. 

g. Referring to claim 29: 

i. French further teaches: 

(1) receiving, at a proofing workstation, user information 
for a user with an electronic account, wherein the electronic account is linked to a 
physical address of the user; receiving identification information from the user at the 
proofing workstation; matching the user information to the identification information by 
the proofing workstation [i.e., referring to Figure 1, he user inputs that first level 
information via a keyboard, mouse, voice digitizer or other suitable input 
mechanism at step 16 Step 18 identifies that the user has completed first level 
information input. Step 20 transmits the input. The transaction record 112 is 
initialized at step 22. Step 24 performs an association check on the information 



Application/Control Number: 09/809,325 Page 5 

Art Unit: 2135 

input by the user. According French's invention, a user who wants to access 
information or process a transaction over a network is prompted to submit 
information to authentication process 10 through client 110. Authentication 
process 10 invokes the preprocessing step 26, in which the user is prompted to 
supply a first type of user identification information. The first type of user 
identification information preferably comprises wallet-type information such as 
name, address, phone number, social security number, driver's license number 
and other common personal information (column 6, lines 15-24). In addition, 
authentication process 10 matches, at step 32, the first type of information input 
by the user with information received from one or more separate data sources. 
Authentication process 10 also determines whether a request for information has 
been repeated more than a predetermined number of times at step 42. As 
illustrated in Figures 37-40, after an indication of successful authentication the 
user is directed to input identification and challenge or password information to 
generate and store digital certificate 902. The digital certificate 902 contains a set 
of fields including user identification, a digital certificate serial number, an 
expiration period, as well as information related to the issuer of the digital 
certificate and fingerprint data for the digital certificate (column 16, lines 12-20)]; 
and 

(2) sending an identification verification from the proofing 
workstation to a proofing server, when the user information has been matched to the 
identification information [i.e. referring to Figure 1, Preprocessing step 26 may thus 
include a set of validation checks including standard field checks, social security 
number validation, address validation, area code validation, and driver's license 
validation and other preliminary data verification (column 8, lines 50-55). 
Furthermore, responses, or actions, for each of the possible address-related 
status codes or error codes in error code matrix 156 (illustrated in Figures 9-11) 
are provided as output during the preprocessing step 26. The user is preferably 
given only one additional attempt to correct each address that has been rejected 
by address validation. If the address cannot be corrected after a total of two 
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attempts, the request proceeds as designated in the response matrix 154 
illustrated in Figures 9-11. The response matrix 154 may be located on 
authentication server 120, in authorization database 152 or elsewhere and serve 
to associate messages with test results and transaction records during the 
address portion of preprocessing step 26, concurrently with overall application 
processing. In other words, the response matrix 154 sends messages to client 
110 based upon specific verification tests or based upon the current status of the 
transaction record 112. For example, the message may prompt the user to verify 
that data which was input is correct or a message to direct the user to call 
customer service for manual intervention. The response matrix 154 is preferably 
parameter driven, so that appropriate messages can be associated with particular 
events (column 10, lines 28-50)]. 

h. Referring to claim 30: 

i. French further teaches: 

(1) receiving payment from the user at the proofing 
workstation [i.e., Table 2 shows the monthly payment amount appearing in the 
description column which provides by the users (column 8, lines 49)]. 

i. Referring to claim 31: 

i. French further teaches: 

(1) wherein the payment is received via credit card [i.e., 
in the event the user will be paying for a product or service with a credit card, 
authentication process 10 may invoke credit card verification at this point 
(column 11, lines 17-19)]. 

j. Referring to claims 32-35: 

i. These claims have limitations that is similar to those of 
claims 23-24, 26, and 28, thus they are rejected with the same rationale applied against 
claims 23-24, 26, and 28 above. 

k. Referring to claims 43-46. 48-50, 52-53: 
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i. These claims have limitations that are similar to those of 
claims 1-4, 6-8, and 10-11, thus they are rejected with the same rationale applied 
against claims 1-4, 6-8, and 10-11 above. 

k. Referring to claims 71-77: 

i. These claims have limitations that are similar to those of 
claims 29-35, thus they are rejected with the same rationale applied against claims 29- 
35 above. 

I. Referring to claims 85, 89: 

i. These claims have limitations that is similar to those of claim 
1, thus they are rejected with the same rationale applied against claim 1 above, 
m. Referring to claim 87: 

i. This claim has limitations that is similar to those of claim 71, 
thus it is rejected with the same rationale applied against claim 71 above, 
n. Referring to claim 91: 

i. This claim has limitations that is similar to those of claim 29, 
thus it is rejected with the same rationale applied against claim 29 above. 

Claim Rejections - 35 USC § 103 

3. The following is a quotation of 35 U.S.C. 103(a) which forms the basis for 
all obviousness rejections set forth in this Office action: 

(a) A patent may not be obtained though the invention is not identically disclosed or described as set 
forth in section 102 of this title, if the differences between the subject matter sought to be patented and 
the prior art are such that the subject matter as a whole would have been obvious at the time the 
invention was made to a person having ordinary skill in the art to which said subject matter pertains. 
Patentability shall not be negatived by the manner in which the invention was made. 

4. Claims 5, 9, 12-15, 16-20, 23-28, 36-39, 51, 54-62, 65-70, 78-79, 80-81, 
86, 88, 90, and 92 are rejected under 35 U.S.C. 103(a) as being unpatentable over 
French et al (US 6,282,658 B2). 

a. Referring to claims 9. 12-15: 

i. French teaches the claimed subject matter, however, French 
does not precisely point out the specific information containing in the digital certificate. 
However, French does imply: 
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(1) wherein the digital certificate includes a proofing 
workstation validation; certificate status, which is active, hold, or revoked [i.e., the 
digital certificate 902 contains information related to the issuer of the digital 
certificate and fingerprint data for the digital certificate (column 16, lines 12-20)]. 

iii. It would have been obvious to a person having ordinary skill 
in the art at the time the invention was made to: 

(1) clearly state every detailed information within the 
digital certificate as shown in Figure 41 of French for authenticating the identity of 
network users (column 1, lines 22-23). 

iv. The ordinary skilled person would have been motivated to: 
(1) clearly state every detailed information within the 

digital certificate as shown in Figure 41 of French to provide an authentication system 
and method which preprocess information supplied by the user to check, for example, 
the standardization, format, validity and internal consistency of that information before 
comparing it to known data (column 2, lines 26-30). 

b. Referring to claim 5: 

i. French further teaches: 

(1) wherein the certificate authority is a United States 
Postal Service digital certificate authority [i.e., Figure 41 illustrates a digital 
certificate generated according to French's invention showing "This Certificate 
was issued by:". This is a place where the issuer's name (such as "United States 
Postal Service") could be included]. 

c. Referring to claims 16, 19: 

i. These claims have some limitations that is similar to those of 
claims 1-15, thus they are rejected with the same rationale applied against claims 1-15 
above. 

ii. In addition, French further teaches: 

(1) verifying, at the proofing workstation, the identity of 
the user; sending an identification verification from the proofing workstation to the 
proofing server, when the identity of the user is verified [i.e. referring to Figure 1, 
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Preprocessing step 26 may thus include a set of validation checks including 
standard field checks, social security number validation, address validation, area 
code validation, and driver's license validation and other preliminary data 
verification (column 8, lines 50-55). Furthermore, responses, or actions, for each 
of the possible address-related status codes or error codes in error code matrix 
156 (illustrated in Figures 9-11) are provided as output during the preprocessing 
step 26. The user is preferably given only one additional attempt to correct each 
address that has been rejected by address validation. If the address cannot be 
corrected after a total of two attempts, the request proceeds as designated in the 
response matrix 154 illustrated in Figures 9-11. The response matrix 154 may be 
located on authentication server 120, in authorization database 152 or elsewhere 
and serve to associate messages with test results and transaction records during 
the address portion of preprocessing step 26, concurrently with overall 
application processing. In other words, the response matrix 154 sends messages 
to client 110 based upon specific verification tests or based upon the current 
status of the transaction record 112. For example, the message may prompt the 
user to verify that data which was input is correct or a message to direct the user 
to call customer service for manual intervention. The response matrix 154 is 
preferably parameter driven, so that appropriate messages can be associated 
with particular events (column 10, lines 28-50)]. 
e. Referring to claim 1 7: 

i. French further teaches: 

(1) linking the digital certificate to a transaction on the 
network by the user, wherein the digital certificate can be used to authenticate the 
transaction [i.e., according French's invention, a user who wants to access 
information or process a transaction over a network is prompted to submit 
information to authentication process 10 through client 110. Authentication 
process 10 invokes the preprocessing step 26, in which the user is prompted to 
supply a first type of user identification information. The first type of user 
identification information preferably comprises wallet-type information such as 
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name, address, phone number, social security number, driver's license number 
and other common personal information (column 6, lines 15-24). In addition, 
authentication process 10 matches, at step 32, the first type of information input 
by the user with information received from one or more separate data sources. 
Authentication process 10 also determines whether a request for information has 
been repeated more than a predetermined number of times at step 42. As 
illustrated in Figures 37-40, after an indication of successful authentication the 
user is directed to input identification and challenge or password information to 
generate and store digital certificate 902 (column 16, lines 12-20)]. 

f. Referring to claim 18: 

i. French further teaches: 

(1) storing a reference to the digital certificate in a 
certificate directory at the proofing server [i.e., as illustrated in Figures 37-40, after an 
indication of successful authentication the user is directed to input identification 
and challenge or password information to generate and store digital certificate 
902. The digital certificate 902 contains a set of fields including user 
identification, a digital certificate serial number, an expiration period, as well as 
information related to the issuer of the digital certificate and fingerprint data for 
the digital certificate (column 16, lines 12-20)]. 

g. Referring to claim 20: 

i. This claim has limitations that is similar to those of claim 18, 
thus it is rejected with the same rationale applied against claim 18 above. 

h. Referring to claim 23: 

i. French further teaches: 

(1) wherein the proofing workstation includes a bar code 
scanner [i.e., biometric data may be employed either alone or in combination with 
the above preprocessing as well as subsequent authentication levels to ensure 
the identity of a user. That biometric data may include, for example, fingerprint 
information from the user, captured in analog or digital form, for instance, via an 
imprint peripheral (scanner is one of these peripherals) connected to client 110. 
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Biometric data may also include infrared or other digital retinal or iris scans 
(column 12, lines 44-55)]. 

i. Referring to claim 24: 

i. French further teaches: 

(1) wherein the identification verification is a bar code 
[i.e., biometric data may be employed either alone or in combination with the 
above preprocessing as well as subsequent authentication levels to ensure the 
identity of a user. That biometric data may include, for example, fingerprint 
information from the user, captured in analog or digital form ( that is a type of bar 
code), for instance, via an imprint peripheral (scanner is one of these peripherals) 
connected to client 110. 

j. Referring to claims 25-26: 

i. These claims have limitations that is similar to those of claim 
23, thus they are rejected with the same rationale applied against claim 23 above, 
k. Referring to claim 27: 

i. French further teaches: 

(1) wherein the proofing server is a United States 
Postal Service proofing server [i.e., referring to Figure 12, element 120 could 
represent a United States Postal Service authentication/proofing server]. 
I. Referring to claim 28: 

i. French further teaches: 

(1) wherein the proofing workstation is a United States 
Postal Service proofing workstation [i.e., referring to Figure 12, element 140 could 
represent a United States Postal Service computer and/or workstation], 
m. Referring to claim 36. 90. 92: 

i. These claims have limitations that is similar to those of claim 
16, thus they are rejected with the same rationale applied against claim 16 above, 
n. Referring to claims 37, 39: 

i. These claims have limitations that is similar to those of claim 
18, thus they are rejected with the same rationale applied against claim 18 above. 
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o. Referring to claim 38: 

i. This claim has limitations that is similar to those of claim 19, 
thus it is rejected with the same rationale applied against claim 19 above, 
p. Referring to claims 51, 54-57: 

i. These claims have limitations that are similar to those of 
claims 9 and 12-15, thus they are rejected with the same rationale applied against 
claims 9 and 1 2-1 5 above. 

q. Referring to claims 58-62. 65-70: 

i. These claims have limitations that are similar to those of 
claims 16-20, and 23-28, thus they are rejected with the same rationale applied against 
claims 16-20, and 23-28 above. 

r. Referring to claims 78-79: 

i. These claims have limitations that are similar to those of 
claims 36-37, thus they are rejected with the same rationale applied against claims 36- 
37 above. 

s. Referring to claims 80-81: 

i. These claims have limitations that are similar to those of 
claims 15 and 20, thus they are rejected with the same rationale applied against claims 
15 and 20 above. 

t. Referring to claim 86. 88: 

i. These claims have limitations that is similar to those of claim 
58, thus they are rejected with the same rationale applied against claim 58 above. 

4. Claims 21-22, 40-42, 63-64, 82-84 are rejected under 35 U.S.C. 103(a) as 
being unpatentable over French et al (US 6,282,658 B2), and further in view of Messing 
(US 6,745,327). 

a. Referring to claim 21: 

i. French further teaches: 

(1) sending a private key from the proofing workstation to 
the proofing server, when the identity of the user is verified [i.e., the biometric data 
may be used as input fields or records in the preprocessing, first or second 
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authentication level stages. Alternatively, biometric data may be used as a key to 
unlock and release a digital certificate 902 issued to the user, to be stored on 
client 110 or otherwise (column 12, lines 59-63)]. 

ii. Although French does not explicitly mention the use of the 
private key in verifying, storing or generating the digital certificate, Messing teaches: 

(1) Figure 2 shows the authentication process. A user 
desiring to sign a document is authenticated by the certification authority computer on 
the basis of both the certificate and the user's secret or shared secret (column 6, lines 
38-59). 

iii. It would have been obvious to a person having ordinary skill 
in the art at the time the invention was made to: 

(1) have combined the teaching of Messing into French 
for authenticating the identity of network users (column 1, lines 22-23). 

iv. The ordinary skilled person would have been motivated to: 
(1) have combined the teaching of Messing into French 

to provide an authentication system and method which preprocess information supplied 
by the user to check, for example, the standardization, format, validity and internal 
consistency of that information before comparing it to known data (column 2, lines 26- 
30). 

b. Referring to claim 22: 

i. This claim has limitations that is similar to those of claims 21 
and 13, thus it is rejected with the same rationale applied against claims 21 and 13 
above. 

c. Referring to claims 40-42, 82-84: 

i. These claims have limitations that are similar to those of 
claims 21-22, and 27, thus they are rejected with the same rationale applied against 
claims 21-22, and 27 above. 

d. Referring to claims 63-64: 
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These claims have limitations that are similar to those of 



claims 21-22, thus they are rejected with the same rationale applied against claims 21- 
22 above. 

Conclusion 

5. The prior art made of record and not relied upon is considered pertinent to 
applicant's disclosure. 

a. Franklin et al (US 5, 883, 810) discloses an online commerce 
system facilitates online commerce over a public network using an online commerce 
card. The "card" does not exist in physical form, but instead exists in digital form, (see 
abstract). 
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